
908 matches found

CVE
added 2017/05/22 8:00 p.m. | 58 views

CVE-2017-1159

CVE-2017-1159 affects IBM Business Process Manager (BPM) 8.0 and 8.5, where improper validation of user-supplied input enables an open redirect that can be used for phishing (spoofed URL leading to a malicious site). The IBM bulletin documents affected BPM versions (V7.5.x to V8.5.x) and provides...

CVSS 5.4 | AI score 5.1 | EPSS 0.001
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2017/05/22 8:00 p.m. | 15 views

CVE-2017-1159

IBM Business Process Manager 8.0 and 8.5 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a...

AI score 5.1 | EPSS 0.001
Exploits 0 | References 2

CNVD
added 2017/04/13 12:00 a.m. | 1 view

IBM Business Process Manager Cross-Site Scripting Vulnerability (CNVD-2017-05198)

IBM Business Process Manager (BPM) is a comprehensive business process management platform from IBM in the United States. The platform provides a range of tools related to process modeling, assembly, monitoring and deployment for business. A cross-site scripting vulnerability exists in IBM...

CVSS 5.4 | AI score 6.2 | EPSS 0.00269
Exploits 0 | References 1

OSV
added 2017/03/07 5:59 p.m. | 0 views

CVE-2016-9693

IBM Business Process Manager 7.5, 8.0, and 8.5 has a file download capability that is vulnerable to a set of attacks. Ultimately, an attacker can cause an unauthenticated victim to download a malicious payload. An existing file type restriction can be bypassed so that the payload might be...

CVSS 6.1 | AI score 5.8
Exploits 0 | References 2

NVD
added 2017/03/07 5:59 p.m. | 11 views

CVE-2016-9693

IBM Business Process Manager 7.5, 8.0, and 8.5 has a file download capability that is vulnerable to a set of attacks. Ultimately, an attacker can cause an unauthenticated victim to download a malicious payload. An existing file type restriction can be bypassed so that the payload might be...

CVSS 6.8 | AI score 6.2 | EPSS 0.00178
Exploits 0 | References 2

Prion
added 2017/03/07 5:59 p.m. | 14 views

Design/Logic Flaw

IBM Business Process Manager 7.5, 8.0, and 8.5 has a file download capability that is vulnerable to a set of attacks. Ultimately, an attacker can cause an unauthenticated victim to download a malicious payload. An existing file type restriction can be bypassed so that the payload might be...

CVSS 6.8 | AI score 6.9 | EPSS 0.00178
Exploits 0 | References 2 | Affected Software 2

Cvelist
added 2017/03/07 5:00 p.m. | 20 views

CVE-2016-9693

IBM Business Process Manager 7.5, 8.0, and 8.5 has a file download capability that is vulnerable to a set of attacks. Ultimately, an attacker can cause an unauthenticated victim to download a malicious payload. An existing file type restriction can be bypassed so that the payload might be...

AI score 6.2 | EPSS 0.00178
Exploits 0 | References 2

OSV
added 2017/02/01 8:59 p.m. | 2 views

CVE-2016-9731

IBM Business Process Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVSS 5.4 | AI score 5.4 | EPSS 0.00227
Exploits 0 | References 2

NVD
added 2017/02/01 8:59 p.m. | 22 views

CVE-2016-9731

IBM Business Process Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVSS 5.4 | AI score 5.3 | EPSS 0.00227
Exploits 0 | References 2

Prion
added 2017/02/01 8:59 p.m. | 13 views

Cross site scripting

IBM Business Process Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVSS 3.5 | AI score 6.4 | EPSS 0.00227
Exploits 0 | References 2 | Affected Software 1

CVE
added 2017/02/01 8:00 p.m. | 48 views

CVE-2016-9731

Summary: IBM Business Process Manager (BPM) is vulnerable to cross-site scripting via the responsive coach view. The CVE-2016-9731 issue allows embedding arbitrary JavaScript into the Web UI, potentially leading to credentials disclosure within a trusted session. Affected versions: BPM v8.5.7.0 p...

CVSS 5.4 | AI score 5.2 | EPSS 0.00227
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2017/02/01 8:00 p.m. | 23 views

CVE-2016-9731

IBM Business Process Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

AI score 5.2 | EPSS 0.00227
Exploits 0 | References 2

CNVD
added 2016/12/28 12:00 a.m. | 1 view

IBM Business Process Manager Cross-Site Scripting Vulnerability (CNVD-2016-13273)

IBM Business Process Manager (BPM) is a comprehensive business process management platform from IBM in the United States. The platform provides a range of tools related to process modeling, assembly, monitoring and deployment for business. A cross-site scripting vulnerability exists in IBM...

CVSS 5.4 | AI score 6.3 | EPSS 0.00227
Exploits 0 | References 1

RedHat Linux
added 2016/11/15 11:40 a.m. | 2 views

php: out-of-bounds write in fpm_log.c

An out-of-bounds write flaw was found in the fpm_log_write() logging function of PHP's FastCGI Process Manager service. A remote attacker could repeatedly send maliciously crafted requests to force FPM to exhaust file system space, creating a denial of service and preventing further logging...

CVSS 9.1 | AI score 7.3 | EPSS 0.01016
Exploits 1 | References 4

Symantec
added 2016/10/31 8:00 a.m. | 36 views

Symantec IT Management Suite Multiple Issues

Summary: Symantec has released updates to address two security issues: a cross-site scripting (XSS) issue and a denial of service (DoS) issue reported in the Symantec IT Management Suite (ITMS) workflow process manager console. Affected products: Symantec IT Manage Suite Workflow Process Manager Console...

CVSS 4 | AI score 6 | EPSS 0.00729
Exploits 0 | Affected Software 1

CNVD
added 2016/10/20 12:00 a.m. | 1 view

IBM Business Process Manager Cross-Site Scripting Vulnerability (CNVD-2016-10042)

IBM Business Process Manager (BPM) is a comprehensive business process management platform from IBM in the United States. A cross-site scripting vulnerability in Business Space in IBM Business Process Manager can be exploited by remote authenticated users to inject arbitrary web script or HTML...

CVSS 5.4 | AI score 5.9 | EPSS 0.00241
Exploits 0 | References 1

OSV
added 2016/10/14 2:59 a.m. | 1 view

CVE-2016-3056

Cross-site scripting (XSS) vulnerability in Business Space in IBM Business Process Manager 7.5 through 7.5.1.2, 8.0 through 8.0.1.3, and 8.5 before 8.5.7.0 CF2016.09 allows remote authenticated users to inject arbitrary web script or HTML via crafted content...

CVSS 5.4 | AI score 5.9 | EPSS 0.00241
Exploits 0 | References 3

Prion
added 2016/10/14 2:59 a.m. | 16 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in Business Space in IBM Business Process Manager 7.5 through 7.5.1.2, 8.0 through 8.0.1.3, and 8.5 before 8.5.7.0 CF2016.09 allows remote authenticated users to inject arbitrary web script or HTML via crafted content...

CVSS 3.5 | AI score 5.6 | EPSS 0.00241
Exploits 0 | References 3 | Affected Software 1

Cvelist
added 2016/10/14 1:00 a.m. | 21 views

CVE-2016-3056

Cross-site scripting (XSS) vulnerability in Business Space in IBM Business Process Manager 7.5 through 7.5.1.2, 8.0 through 8.0.1.3, and 8.5 before 8.5.7.0 CF2016.09 allows remote authenticated users to inject arbitrary web script or HTML via crafted content...

AI score 5.2 | EPSS 0.00241
Exploits 0 | References 3

CNVD
added 2016/10/08 12:00 a.m. | 3 views

IBM Business Process Manager Advanced Cross-Site Scripting Vulnerability

IBM Business Process Manager Advanced is a unified platform for analyzing and improving business operations. A cross-site scripting vulnerability exists in IBM BPM Advanced versions 8.5.6.0 through 8.5.7.0. A remote attacker can exploit this vulnerability to inject arbitrary JavaScript code into...

CVSS 5.4 | AI score 6.4 | EPSS 0.0017
Exploits 0 | References 1